Posted
by
samzenpus
on Thursday August 25, 2011 @12:09AM
from the das-ist-streng-verboten dept.

JohnBert writes "A German privacy protection authority is calling on organizations there to close their Facebook fan pages and remove the social networking site's 'Like' button from their websites, arguing that Facebook harvests data in violation of German and European Union law. The Independent Centre for Privacy Protection (ULD), the privacy protection agency for the German state of Schleswig-Holstein, issued a news release on Friday saying Facebook builds a broad, individualized profile for people who view Facebook content on third-party websites. Data is sent back to Facebook's servers in the U.S., which the agency alleges violates the German Telemedia Act, the German Federal Data Protection Act and the Data Protection Act of Schleswig-Holstein. The agency alleges the data is held by Facebook for two years, and wants website owners in the state to remove links to Facebook by the end of next month or possibly face a fine."

A government fining websites that -link- to facebook would be a pretty scary step. Banning linking to -legal- websites now, just because we don't like it? Geez. I thought the progression from banning child porn and copyrighted music was going to take longer than a few years, but apparently not. We can expect that linking to news and blogs not approved by the ministry of the internet will be punishable by death within 4 years, right?

They do not ban linking to facebook because they do not like it.They ban providing Facebook (throught the "like", "become a fan",... links) with information that they WILLINGLY and KNOWINGLY are not handling according to the rules and regulations in Germany.In other words: they are banning sites from cooperating with illegal actions. And I do not see the problem in that, because as far as I know that is already illegal.

"Banning linking to -legal- websites now, just because we don't like it? Geez."

Try again.This is in Germany, and only applies to websites that are hosted in Germany.In Germany, Facebook would not be able to be hosted because Facebooks datamining systems are ILLEGAL in Germany. They violate privacy laws and violate laws that describe how, where, and when, personal/private information may be transmitted.Since Facebook is NOT hosted in Germany, the German government can't touch Facebook itself and are not tryi

I wonder if Germany will extradite, or detain whilst on holiday, Facebook's directors to face trial in Germany for their crimes? (in the same manner as European gambling websites directors have been extradited to the USA). If not, then it's just yet more hot air designed to look good in media soundbites.

That's why they're going after the websites linking to Facebook, not Facebook itself...

Furthermore, there'd be no problem at all if they replaced the button with something which only loads the Facebook code if a user clicks on it - rather than anytime I open a page with such a button on it.

Under common law, you cannot be trialed in a country for offenses made in another country. While living in the US you are subject to US law. While living in Germany you are subject to German law. This is commonly held by most of the world, the US being the major exception which trials people for doing "crimes" outside the US...

No, because Facebook are not violating any German laws as they are not in Germany. What is against the law is exporting personal information outside the EU unless you have a safe harbour agreement in place where the company you are exporting it to agrees to comply with EU law in respect of that data.

Read the story. Or even read the summary. They are not banning links to facebook. If the sites had a <a href="http//www.facebook.com> link on their page, the government would not care. What they care about is that javascript snippet that collects user information about you and your friends when you visit the page and sends it back to facebook, whether you click on the "like" button or not. The EU in general and Germany in particular have strong rules about what information a corporation is allowed to collect and retain about you. Facebook breaks the rules.

I wish my government was as strong. You can say, "don't" go to such websites, but so many sites have opted into facebook's koolaid, that it would be a limited web indeed. Competition only works when you have a real choice.

The agency alleges the data is held by Facebook for two years, and wants website owners in the state to remove links to Facebook by the end of next month or possibly face a fine."

I recognize there is a big difference between the "like" button and a simple link, but the article says "link." To be fair, I suspect it was the article's mistake. Still, I wouldn't trust that a government official knew the difference between javascript and a link.

Moreover, my concerns are not completely assuaged. Facebook's like buttons are still a far cry from child porn and warez. It seems to me that this is still an escalation in what governments can ban on the inte

I recognize there is a big difference between the "like" button and a simple link, but the article says "link." To be fair, I suspect it was the article's mistake. Still, I wouldn't trust that a government official knew the difference between javascript and a link.

Then you would be mistaken. The original report [datenschutzzentrum.de] is pretty detailed and documents Facebook's tracking user techniques even at the Javascript level.

A government fining websites that -link- to facebook would be a pretty scary step.

I agree. But this story is NOT about linking to websites. I can add a a href= link to facebook and nobody gets tracked. The like buttons are not pure links. If you add a img src link to an image hotlinked at my server or more disturbing, include javascript hosted on my server on your site then we are talking about something completely different. I can not track a simple a href= link to my site. I CAN track hotlinked images and javascript. See the huge difference now?

I've been running a web proxy at home for awhile now and the more I review the logs, the more I see that the entire WWW is a massive data collection engine. Trying to keep up with blocks is like playing whack-a-mole (albeit similarly satisfying).

I agree with their call to action to have FaceBook links removed, but I'd also add that this is only the tip of the iceberg.

I solve this by taking a whitelist approach. Want my browser to run your scripts/flash or accept your cookies? Only if I allow it. Disable disk caching because it's not worth allowing evercookies to survive. Set flash storage to clear on browser exit. Disable geolocation API and HTML5 storage, because I can't control access to those individually (yet). Problems solved.

But as someone who has spent the last 30+ years living amongst the humans I'm going to have to regretfully inform you that world governments actually DO have to put these kinds of laws into enforcement.I wish they didn't. I really do.But the general population is just way to gullible and stupid to leave the internet open.We need laws like this for the same reason we have other anti-scam laws.Because the general population is SO STUPID that

But this is only half of the intellectual conversation on the topic. This position only holds as a moral position if people are informed BEFORE they ever visit a website what information their browser and computer will provide to that site, because by the time you click and see a like button, it's done. You did not get to make an informed choice.

Your position would only solve the moral conundrum if it was instead legally forced for every website to somehow convey their collection levels before ever collected.

Facebook not only doesn't do this, they actively provide disinformation on the subject. As Facebook is not subject to German law in THAT sense, the most consistently just thing the government can do in this case is prevent the websites within their country from participating in a foreign company that will never comply with the law you have written regarding the freedom of self-determination.

If websites warned users before actually being served a webpage that there was a Facebook like button, and that button would lead to a violation of their Constitutional rights as citizens of that government, it might be acceptable.

But even then, you are capitulating within your own rights as citizens for the sake of "private property". Or rather, you are allowing the idea of closed ownership of something to supercede what you believe as a society is inherently true about being human.

Your position would only solve the moral conundrum if it was instead legally forced for every website to somehow convey their collection levels before ever collected.

And to get a feel for how this would work, try browsing something like CNN using Lynx. How do you like all those cookie prompts? Now imagine it literally times six: Not just traditional cookies, but disk cached images (used as part of evercookies AKA zombie cookies), Flash storage, HTML5 storage, geolocation data requests, and Javascript. And soon maybe Google's NaCL, AKA ActiveX 2: Fail Harder.

You are missing something: In Germany you own your personal information. Facebook is not allowed to store or use your personal information without your consent. The facebook "Like" button is not just a link, it's a javascript program that sends personal information to Facebook.

This has nothing to do with links per se. This is about the government making sure that web sites do not break any laws - in that case German privacy laws are breached by placing behavioural tracking links on web sites . It is my educated guess that U.S. authorities do the same (=make sure the laws are followed) in the U.S.A., too.

Those GIFs at least have some measure of anonymity. With Facebook, the user has willingly shared all information as he cares to give to the ad-selling network: name, friends, where they live, things they like, where they hang-out, when they are usually online, and with the Like button virus, what websites they visit...

Here in Germany it mostly is, yes. Website operators are not allowed to store any personally identifiable information without the user's prior consent. So strictly speaking even Apache's default log settings violate our data protection and privacy laws. There are very limited exceptions for information that is required to process technical operations (eg. the landline-IP mapping at ISPs required to get on the internet) or to protect systems from attacks (eg. a temporary log of recent visitors' IP addresses

Germany has strict privacy laws because they have learned from history. For the same reason the percentage of people who highly value privacy among the general populace is higher than most other countries as well.

The thing is, even if we disregard conspiracy theories about how Zuck is a CIA drone the three letter agencies will have access to all the data they ask for anyway, and they can do so even overtly since the PATRIOT act. Not to mention people are entrusting their identities, social and political inc